Hello community,
here is the log from the commit of package ca-certificates.2405 for
openSUSE:13.1:Update checked in at 2013-12-23 15:24:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/ca-certificates.2405 (Old)
and /work/SRC/openSUSE:13.1:Update/.ca-certificates.2405.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates.2405"
Changes:
--------
New Changes file:
--- /dev/null 2013-11-25 01:44:08.036031256 +0100
+++
/work/SRC/openSUSE:13.1:Update/.ca-certificates.2405.new/ca-certificates.changes
2013-12-23 15:24:03.000000000 +0100
@@ -0,0 +1,129 @@
+-------------------------------------------------------------------
+Tue Dec 17 08:45:42 UTC 2013 - [email protected]
+
+- etc_ssl.run: fix typo (bnc#855711)
+
+-------------------------------------------------------------------
+Wed Oct 16 15:11:26 UTC 2013 - [email protected]
+
+- fix typo in README (bnc#845500)
+- remove old extractcerts.pl
+
+-------------------------------------------------------------------
+Tue Aug 27 12:53:44 UTC 2013 - [email protected]
+
+- re-enable the CA bundle again for glib-networking (bnc#825903)
+
+-------------------------------------------------------------------
+Tue Aug 27 07:11:04 UTC 2013 - [email protected]
+
+- make sure we have p11-kit >= 0.19.3 which has the 'trust' command
+ (bnc#836560)
+
+-------------------------------------------------------------------
+Mon Aug 5 11:24:04 UTC 2013 - [email protected]
+
+- don't remove symlinks to other locations in /etc/ssl/certs
+- use the trust binary instead of p11-kit to extract trust
+
+-------------------------------------------------------------------
+Thu Jun 27 16:17:51 UTC 2013 - [email protected]
+
+- disable generating ca-bundle for now again so people don't submit
+ new packages that use this file.
+
+-------------------------------------------------------------------
+Mon Jun 24 21:09:16 UTC 2013 - [email protected]
+
+- Explicitly require p11-kit, otherwise trusted certificates won't
+ be generated
+
+-------------------------------------------------------------------
+Mon Jun 24 12:46:30 UTC 2013 - [email protected]
+
+- update manpage
+
+-------------------------------------------------------------------
+Thu Jun 20 09:15:52 UTC 2013 - [email protected]
+
+- use p11-kit to generate the files
+
+-------------------------------------------------------------------
+Fri May 4 11:55:14 UTC 2012 - [email protected]
+
+- give hint about SSL_CTX_set_default_verify_paths in cert bundle
+
+-------------------------------------------------------------------
+Mon Oct 24 11:57:53 UTC 2011 - [email protected]
+
+- require coreutils for %post script
+
+-------------------------------------------------------------------
+Mon Jun 20 12:49:52 UTC 2011 - [email protected]
+
+- fix spurious rpm warning if no java exists (bnc#634793)
+- move java.run to java-ca-certificates
+
+-------------------------------------------------------------------
+Mon Sep 27 14:58:03 UTC 2010 - [email protected]
+
+- catch FileNotFoundException (bnc#623365)
+
+-------------------------------------------------------------------
+Fri May 21 12:46:55 UTC 2010 - [email protected]
+
+* Use the gcc-java and fastjar for build to avoid dependency problems
+* build keystore.class only to allow noarch package
+
+-------------------------------------------------------------------
+Wed May 19 09:57:41 UTC 2010 - [email protected]
+
+- create java bundles
+
+-------------------------------------------------------------------
+Tue Apr 27 14:17:24 UTC 2010 - [email protected]
+
+- also use hooks from /usr/lib/ca-certificates/update.d
+- replace bundle file with symlink to file in /var as it's auto
+ generated
+
+-------------------------------------------------------------------
+Wed Apr 21 13:20:07 UTC 2010 - [email protected]
+
+- force rebuilding all certificate stores in %post
+ This also makes sure we update the hash links in /etc/ssl/certs
+ as openssl changed the hash format between 0.9.8 and 1.0
+
+-------------------------------------------------------------------
+Thu Apr 8 13:16:43 UTC 2010 - [email protected]
+
+- actually install certbundle.run (bnc#594501)
+
+-------------------------------------------------------------------
+Thu Apr 8 09:15:28 UTC 2010 - [email protected]
+
+- it's ca-bundle.pem rather than cert.pem
+
+-------------------------------------------------------------------
+Thu Apr 8 07:51:25 UTC 2010 - [email protected]
+
+- obsolete openssl-certs (bnc#594434)
+- update manpage (bnc#594501)
+
+-------------------------------------------------------------------
+Thu Apr 1 13:00:37 UTC 2010 - [email protected]
+
+- include /etc/ca-certificates.conf as %ghost
+
+-------------------------------------------------------------------
+Fri Mar 26 15:26:01 UTC 2010 - [email protected]
+
+- generate ca-bundle with hook script
+- don't use trusted certificates in ca-bundle file for compatibility
+ with gnutls
+
+-------------------------------------------------------------------
+Wed Mar 24 10:31:47 UTC 2010 - [email protected]
+
+- new package
+
New:
----
ca-certificates-1_201312011643.tar.xz
ca-certificates.changes
ca-certificates.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates.spec ++++++
#
# spec file for package ca-certificates
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# the ca bundle file was meant as compat option for e.g.
# proprietary packages. It's not meant to be used at all.
# unfortunately glib-networking has such a complicated abstraction
# on top of gnutls that we have to live with the bundle for now
%bcond_without cabundle
BuildRequires: openssl
BuildRequires: p11-kit-devel
Name: ca-certificates
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
Version: 1_201312011643
Release: 0
Summary: Utilities for system wide CA certificate installation
License: GPL-2.0+
Group: Productivity/Networking/Security
Source0: ca-certificates-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: https://github.com/openSUSE/ca-certificates
#
Requires: openssl
Requires: p11-kit
Requires: p11-kit-tools >= 0.19.3
# needed for %post
Requires(post): coreutils openssl p11-kit-tools
Recommends: ca-certificates-mozilla
# we need to obsolete openssl-certs to make sure it's files are
# gone when a package providing actual certificates gets
# installed (bnc#594434).
Obsoletes: openssl-certs < 0.9.9
# no need for a separate Java package anymore. The bundle is
# created by C code.
Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release
BuildArch: noarch
%description
Utilities for system wide CA certificate installation
%prep
%setup -q
%build
%install
%if %{without cabundle}
rm -f certbundle.run
%endif
%make_install
install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
install -d m 755 %{buildroot}/etc/ssl/certs
install -d m 755 %{buildroot}/etc/ca-certificates/update.d
install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
install -d m 755 %{buildroot}/var/lib/ca-certificates/pem
install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
%endif
install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
%post
if [ -s /etc/ca-certificates.conf ]; then
while read line; do
[ ${line#\!} != "$line" ] || continue
cert="${line#\!*/}"
ln -s /usr/share/ca-certificates/anchors/"$cert"
%{trustdir_cfg}/blacklist
done < /etc/ca-certificates.conf
echo "/etc/ca-certificates.conf converted and saved as
/etc/ca-certificates.conf.rpmsave"
mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave
fi
# force rebuilding all certificate stores.
# This also makes sure we update the hash links in /etc/ssl/certs
# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
%postun
if [ "$1" -eq 0 ]; then
rm -rf /var/lib/ca-certificates/{pem,openssl}
fi
%clean
rm -rf %{buildroot}
%files
%defattr(-, root, root)
%doc COPYING README
%dir %{pkidir_cfg}
%dir %{trustdir_cfg}
%dir %{trustdir_cfg}/anchors
%dir %{trustdir_cfg}/blacklist
%dir %{pkidir_static}
%dir %{trustdir_static}
%dir %{trustdir_static}/anchors
%dir %{trustdir_static}/blacklist
%dir /etc/ssl/certs
%ghost /var/lib/ca-certificates/java-cacerts
%dir /etc/ca-certificates
%dir /etc/ca-certificates/update.d
%dir %{_prefix}/lib/ca-certificates
%dir %{_prefix}/lib/ca-certificates/update.d
%dir /var/lib/ca-certificates
%dir /var/lib/ca-certificates/pem
%dir /var/lib/ca-certificates/openssl
%{_sbindir}/update-ca-certificates
%{_mandir}/man8/update-ca-certificates.8*
%{_prefix}/lib/ca-certificates/update.d/java.run
%{_prefix}/lib/ca-certificates/update.d/etc_ssl.run
%{_prefix}/lib/ca-certificates/update.d/openssl.run
#
%if %{with cabundle}
%{ssletcdir}/ca-bundle.pem
%ghost %{cabundle}
%{_prefix}/lib/ca-certificates/update.d/certbundle.run
%endif
%changelog
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
